flyio-security-basics


Apply Fly.io security best practices for secrets management, private networking, TLS certificates, and deploy token scoping. Trigger: "fly.io security", "fly secrets", "fly.io TLS", "fly.io private network".


Skill Content

# Fly.io Security Basics

## Overview

Fly.io deploys applications to edge locations worldwide using Firecracker microVMs. Security concerns center on deploy token scoping (org-wide vs per-app), secrets management (encrypted at rest, injected as env vars), private networking via WireGuard mesh (6PN), and TLS certificate management. A leaked deploy token can push arbitrary code to production machines across all regions.

## API Key Management

```typescript
function validateFlyToken(): void {
  const token = process.env.FLY_API_TOKEN;
  if (!token) {
    throw new Error("Missing FLY_API_TOKEN — use `fly tokens create deploy -a <app>`");
  }
  // Never log tokens; log only token type for debugging
  const isDeployToken = token.startsWith("FlyV1");
  console.log("Fly.io token loaded, type:", isDeployToken ? "deploy" : "personal");
}
```

## Webhook Signature Verification

```typescript
import crypto from "crypto";
import { Request, Response, NextFunction } from "express";

// req.body must hold the raw request bytes (e.g. via express.raw()), not parsed JSON,
// otherwise the HMAC is computed over different data than the sender signed.
function verifyFlyWebhook(req: Request, res: Response, next: NextFunction): void {
  const signature = req.headers["x-fly-signature"];
  const secret = process.env.FLY_WEBHOOK_SECRET;
  if (!secret) {
    // Fail closed when the secret is not configured
    res.status(500).send("Webhook secret not configured");
    return;
  }
  const expected = Buffer.from(
    crypto.createHmac("sha256", secret).update(req.body).digest("hex")
  );
  const received = Buffer.from(typeof signature === "string" ? signature : "");
  // timingSafeEqual throws on buffers of different length, so compare lengths first
  if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
    res.status(401).send("Invalid signature");
    return;
  }
  next();
}
```

## Input Validation

```typescript
import { z } from "zod";
co...
```

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT
